diff options
author | Simo Sorce <simo@redhat.com> | 2016-07-26 11:19:01 -0400 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2016-12-12 13:39:44 +0100 |
commit | ca4e6c1fdfac9b545b26f885dc4865f22ca36ae6 (patch) | |
tree | 92b2245b68b343440591e47f82e4898d48c07c2e /ipaplatform | |
parent | 32b1743e5fb318b226a602ec8d9a4b6ef2a25c9d (diff) | |
download | freeipa-ca4e6c1fdfac9b545b26f885dc4865f22ca36ae6.tar.gz freeipa-ca4e6c1fdfac9b545b26f885dc4865f22ca36ae6.tar.xz freeipa-ca4e6c1fdfac9b545b26f885dc4865f22ca36ae6.zip |
Configure Anonymous PKINIT on server install
Allow anonymous pkinit to be used so that unenrolled hosts can perform FAST
authentication (necessary for 2FA for example) using an anonymous krbtgt
obtained via Pkinit.
https://fedorahosted.org/freeipa/ticket/5678
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
Diffstat (limited to 'ipaplatform')
-rw-r--r-- | ipaplatform/base/paths.py | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/ipaplatform/base/paths.py b/ipaplatform/base/paths.py index f85a2aa12..896fa9d98 100644 --- a/ipaplatform/base/paths.py +++ b/ipaplatform/base/paths.py @@ -240,7 +240,8 @@ class BasePathNamespace(object): KRB5KDC_KADM5_ACL = "/var/kerberos/krb5kdc/kadm5.acl" KRB5KDC_KADM5_KEYTAB = "/var/kerberos/krb5kdc/kadm5.keytab" KRB5KDC_KDC_CONF = "/var/kerberos/krb5kdc/kdc.conf" - KDC_PEM = "/var/kerberos/krb5kdc/kdc.pem" + KDC_CERT = "/var/kerberos/krb5kdc/kdc.crt" + KDC_KEY = "/var/kerberos/krb5kdc/kdc.key" VAR_LIB = "/var/lib" AUTHCONFIG_LAST = "/var/lib/authconfig/last" VAR_LIB_CERTMONGER_DIR = "/var/lib/certmonger" |